{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T13:38:59Z","timestamp":1762004339202,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,10,17]],"date-time":"2011-10-17T00:00:00Z","timestamp":1318809600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,10,17]]},"DOI":"10.1145\/2046707.2046777","type":"proceedings-article","created":{"date-parts":[[2011,10,18]],"date-time":"2011-10-18T13:02:00Z","timestamp":1318942920000},"page":"615-626","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["Fortifying web-based applications automatically"],"prefix":"10.1145","author":[{"given":"Shuo","family":"Tang","sequence":"first","affiliation":[{"name":"University of Illinois, Urbana, IL, USA"}]},{"given":"Nathan","family":"Dautenhahn","sequence":"additional","affiliation":[{"name":"University of Illinois, Urbana, IL, USA"}]},{"given":"Samuel T.","family":"King","sequence":"additional","affiliation":[{"name":"University of Illinois, Urbana, IL, USA"}]}],"member":"320","published-online":{"date-parts":[[2011,10,17]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"JSON in JavaScript. http:\/\/www.json.org\/js.html.  JSON in JavaScript. http:\/\/www.json.org\/js.html."},{"key":"e_1_3_2_1_2_1","unstructured":"Mitigating cross-site scripting with HTTP-only cookies. http:\/\/msdn.microsoft.com\/en-us\/library\/ms533046.aspx.  Mitigating cross-site scripting with HTTP-only cookies. http:\/\/msdn.microsoft.com\/en-us\/library\/ms533046.aspx."},{"key":"e_1_3_2_1_3_1","unstructured":"Qt - A Cross-platform application and UI. http:\/\/qt.nokia.com\/.  Qt - A Cross-platform application and UI. http:\/\/qt.nokia.com\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Symantec internet security threat report april 2010. http:\/\/www.symantec.com\/business\/theme.jsp?themeid=threatreport.  Symantec internet security threat report april 2010. http:\/\/www.symantec.com\/business\/theme.jsp?themeid=threatreport."},{"key":"e_1_3_2_1_5_1","unstructured":"The WebKit Open Source Project. http:\/\/webkit.org\/.  The WebKit Open Source Project. http:\/\/webkit.org\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Alexa. Alexa top 500 global sites. http:\/\/www.alexa.com\/topsites.  Alexa. Alexa top 500 global sites. http:\/\/www.alexa.com\/topsites."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755688.1755706"},{"key":"e_1_3_2_1_8_1","unstructured":"R. Barnett. Helping protect cookies with httponly flag. http:\/\/blog.modsecurity.org\/2008\/12\/helping-protect-cookies-with-httpon%ly-flag.html 2008.  R. Barnett. Helping protect cookies with httponly flag. http:\/\/blog.modsecurity.org\/2008\/12\/helping-protect-cookies-with-httpon%ly-flag.html 2008."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455782"},{"key":"e_1_3_2_1_10_1","volume-title":"The security architecture of the chromium browser","author":"Barth A.","year":"2008","unstructured":"A. Barth , C. Jackson , C. Reis , and The Google Chrome Team . The security architecture of the chromium browser , 2008 . http:\/\/crypto.stanford.edu\/websec\/chromium\/chromium-security-architectu%re.pdf. A. Barth, C. Jackson, C. Reis, and The Google Chrome Team. The security architecture of the chromium browser, 2008. http:\/\/crypto.stanford.edu\/websec\/chromium\/chromium-security-architectu%re.pdf."},{"key":"e_1_3_2_1_11_1","unstructured":"BBC. Facebook \"clickjacking\" spreads across site June 2010. http:\/\/www.bbc.co.uk\/news\/10224434.  BBC. Facebook \"clickjacking\" spreads across site June 2010. http:\/\/www.bbc.co.uk\/news\/10224434."},{"key":"e_1_3_2_1_12_1","unstructured":"Google Inc. Chromium. http:\/\/www.chromium.org\/chromium-os.  Google Inc. Chromium. http:\/\/www.chromium.org\/chromium-os."},{"key":"e_1_3_2_1_13_1","unstructured":"Google Inc. Google Caja. http:\/\/code.google.com\/p\/google-caja\/.  Google Inc. Google Caja. http:\/\/code.google.com\/p\/google-caja\/."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.19"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1961659.1961665"},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium","author":"Gundy M. V.","year":"2009","unstructured":"M. V. Gundy and H. Chen . Noncespaces: Using randomization to enforce information flow tracking and thwart cross-site scripting attacks . In Proceedings of the Network and Distributed System Security Symposium , February 2009 . M. V. Gundy and H. Chen. Noncespaces: Using randomization to enforce information flow tracking and thwart cross-site scripting attacks. In Proceedings of the Network and Distributed System Security Symposium, February 2009."},{"key":"e_1_3_2_1_17_1","volume-title":"September","author":"Hansen R.","year":"2008","unstructured":"R. Hansen and J. Grossman . Clickjacking , September 2008 . http:\/\/www.sectheory.com\/clickjacking.htm. R. Hansen and J. Grossman. Clickjacking, September 2008. http:\/\/www.sectheory.com\/clickjacking.htm."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242654"},{"issue":"2","key":"e_1_3_2_1_19_1","first-page":"271","article-title":"Glossary of terms","volume":"30","author":"Kohavi R.","year":"1998","unstructured":"R. Kohavi and F. Provost . Glossary of terms . Machine Learning , 30 ( 2 ): 271 -- 274 , 1998 . R. Kohavi and F. Provost. Glossary of terms. Machine Learning, 30(2):271--274, 1998.","journal-title":"Machine Learning"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/502152.502153"},{"key":"e_1_3_2_1_21_1","volume-title":"March","author":"Lawrence E.","year":"2010","unstructured":"E. Lawrence . Combating clickjacking with X-Frame-Options , March 2010 . http:\/\/blogs.msdn.com\/b\/ieinternals\/archive\/2010\/03\/30\/combating-clickj%acking- with-x-frame-options.aspx. E. Lawrence. Combating clickjacking with X-Frame-Options, March 2010. http:\/\/blogs.msdn.com\/b\/ieinternals\/archive\/2010\/03\/30\/combating-clickj%acking- with-x-frame-options.aspx."},{"key":"e_1_3_2_1_22_1","unstructured":"G. Maone. NoScript - JavaScript\/Java\/Flash blocker for a safer Firefox experience! 2008. http:\/\/noscript.net\/.  G. Maone. NoScript - JavaScript\/Java\/Flash blocker for a safer Firefox experience! 2008. http:\/\/noscript.net\/."},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium","author":"Nadji Y.","year":"2009","unstructured":"Y. Nadji , P. Saxen , and D. Song . Document structure integrity: A robust basis for cross-site scripting defense . In Proceedings of the Network and Distributed System Security Symposium , February 2009 . Y. Nadji, P. Saxen, and D. Song. Document structure integrity: A robust basis for cross-site scripting defense. In Proceedings of the Network and Distributed System Security Symposium, February 2009."},{"key":"e_1_3_2_1_24_1","unstructured":"E. V. Nava and D. Lindsay. Abusing internet explorer 8's xss filters. http:\/\/p42.us\/ie8xss\/Abusing_IE8s_XSS_Filters.pdf 2010.  E. V. Nava and D. Lindsay. Abusing internet explorer 8's xss filters. http:\/\/p42.us\/ie8xss\/Abusing_IE8s_XSS_Filters.pdf 2010."},{"key":"e_1_3_2_1_25_1","volume-title":"IE8 Security Part IV: The XSS Filter","author":"Ross D.","year":"2008","unstructured":"D. Ross . IEBlog : IE8 Security Part IV: The XSS Filter , 2008 . http:\/\/blogs.msdn.com\/ie\/archive\/2008\/07\/01\/ie8-security-part-iv-the-xs%s-filter.aspx. D. Ross. IEBlog : IE8 Security Part IV: The XSS Filter, 2008. http:\/\/blogs.msdn.com\/ie\/archive\/2008\/07\/01\/ie8-security-part-iv-the-xs%s-filter.aspx."},{"key":"e_1_3_2_1_26_1","volume-title":"Busting frame busting: a study of clickjacking vulnerabilities at popular sites. In in IEEE Oakland Web 2.0 Security and Privacy (W2SP","author":"Rydstedt G.","year":"2010","unstructured":"G. Rydstedt , E. Bursztein , D. Boneh , and C. Jackson . Busting frame busting: a study of clickjacking vulnerabilities at popular sites. In in IEEE Oakland Web 2.0 Security and Privacy (W2SP 2010 ), 2010. G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson. Busting frame busting: a study of clickjacking vulnerabilities at popular sites. In in IEEE Oakland Web 2.0 Security and Privacy (W2SP 2010), 2010."},{"key":"e_1_3_2_1_27_1","volume-title":"Proceedings of the 17th Network and Distributed System Security Symposium (NDSS)","author":"Saxena P.","year":"2010","unstructured":"P. Saxena , S. Hanna , P. Poosankam , and D. Song . FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications . In Proceedings of the 17th Network and Distributed System Security Symposium (NDSS) , February 2010 . P. Saxena, S. Hanna, P. Poosankam, and D. Song. FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications. In Proceedings of the 17th Network and Distributed System Security Symposium (NDSS), February 2010."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180426"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1002\/j.1538-7305.1948.tb01338.x"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.35"},{"key":"e_1_3_2_1_31_1","volume-title":"April","author":"Stone P.","year":"2010","unstructured":"P. Stone . Next generation clickjacking , April 2010 . http:\/\/www.contextis.co.uk\/resources\/white-papers\/clickjacking\/Context-%Clickjacking_white_paper.pdf. P. Stone. Next generation clickjacking, April 2010. http:\/\/www.contextis.co.uk\/resources\/white-papers\/clickjacking\/Context-%Clickjacking_white_paper.pdf."},{"key":"e_1_3_2_1_32_1","volume-title":"Symantec global Internet security threat report: Trends for","author":"Symantec Inc.","year":"2008","unstructured":"Symantec Inc. Symantec global Internet security threat report: Trends for 2008 , April 2009. http:\/\/www.symantec.com\/business\/theme.jsp?themeid=threatreport. Symantec Inc. Symantec global Internet security threat report: Trends for 2008, April 2009. http:\/\/www.symantec.com\/business\/theme.jsp?themeid=threatreport."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772786"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.5555\/1924943.1924945"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.33"},{"volume-title":"February","year":"2009","key":"e_1_3_2_1_36_1","unstructured":"Twitter. Clickjacking blocked , February 2009 . http:\/\/blog.twitter.com\/2009\/02\/clickjacking-blocked.html. Twitter. Clickjacking blocked, February 2009. http:\/\/blog.twitter.com\/2009\/02\/clickjacking-blocked.html."},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS)","author":"Vogt P.","year":"2007","unstructured":"P. Vogt , F. Nentwich , N. Jovanovic , E. Kirda , C. Kruegel , and G. Vigna . Cross-site scripting prevention with dynamic data tainting and static analysis . In Proceedings of the Network and Distributed System Security Symposium (NDSS) , February 2007 . P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. Cross-site scripting prevention with dynamic data tainting and static analysis. In Proceedings of the Network and Distributed System Security Symposium (NDSS), February 2007."},{"key":"e_1_3_2_1_38_1","unstructured":"W3C. HTML 5. http:\/\/www.w3.org\/TR\/html5\/.  W3C. HTML 5. http:\/\/www.w3.org\/TR\/html5\/."},{"key":"e_1_3_2_1_39_1","unstructured":"W3C. The iframe element. http:\/\/www.w3.org\/TR\/html5\/the-iframe-element.html.  W3C. The iframe element. http:\/\/www.w3.org\/TR\/html5\/the-iframe-element.html."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1294261.1294263"},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the 2009 USENIX Security Symposium","author":"Wang H. J.","year":"2009","unstructured":"H. J. Wang , C. Grier , A. Moshchuk , S. T. King , P. Choudhury , and H. Venter . The multi-principal OS construction of the Gazelle web browser . In Proceedings of the 2009 USENIX Security Symposium , August 2009 . H. J. Wang, C. Grier, A. Moshchuk, S. T. King, P. Choudhury, and H. Venter. The multi-principal OS construction of the Gazelle web browser. In Proceedings of the 2009 USENIX Security Symposium, August 2009."},{"key":"e_1_3_2_1_42_1","volume-title":"Cross-site request forgeries: Exploitation and prevention. Technical report","author":"Zeller W.","year":"2008","unstructured":"W. Zeller and E. W. Felten . Cross-site request forgeries: Exploitation and prevention. Technical report , Princeton University , October 2008 . http:\/\/www.freedom-to-tinker.com\/sites\/default\/files\/csrf.pdf. W. Zeller and E. W. Felten. Cross-site request forgeries: Exploitation and prevention. Technical report, Princeton University, October 2008. http:\/\/www.freedom-to-tinker.com\/sites\/default\/files\/csrf.pdf."}],"event":{"name":"CCS'11: the ACM Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Chicago Illinois USA","acronym":"CCS'11"},"container-title":["Proceedings of the 18th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2046707.2046777","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2046707.2046777","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:48:42Z","timestamp":1750240122000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2046707.2046777"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,10,17]]},"references-count":42,"alternative-id":["10.1145\/2046707.2046777","10.1145\/2046707"],"URL":"https:\/\/doi.org\/10.1145\/2046707.2046777","relation":{},"subject":[],"published":{"date-parts":[[2011,10,17]]},"assertion":[{"value":"2011-10-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}